The Author Online Book Forums are Moving

The Author Online Book Forums will soon redirect to Manning's liveBook and liveVideo. All book forum content will migrate to liveBook's discussion forum and all video forum content will migrate to liveVideo. Log in to liveBook or liveVideo with your Manning credentials to join the discussion!

Thank you for your engagement in the AoF over the years! We look forward to offering you a more enhanced forum experience.

powerfu (6) [Avatar] Offline
#1
Hi,

I've encountered the following interest problem:
The attribute of xmlns is being ignored by the server.

For example:
When I post a simple register message like:
<iq type='set' id='reg_id'>
<query xmlns='jabber:iq:register'>
<username>Hi</username>
<password>Hi</password>
</query>
</iq>

The server reads that message as: (missing the xmlns part in <query> )
<iq type='set' id='reg_id'>
<query>
<username>Hi</username>
<password>Hi</password>
</query>
</iq>

To illustrate the point, when I pass the following message to the server:
<iq type='set' id='reg_id'>
<query aaaaa="kkkkkk" xmlns='jabber:iq:register' jklasafdsa="qqqqqqqqqqqqqq">
<username xmlns="llllllllll" jkljkljlk="fsafdsafdsafdsafdsa">HI</username>
<password>HI</password>
</query>
</iq>

The server will read as:
<iq type='set' id='reg_id'>
<query aaaaa="kkkkkk" jklasafdsa="qqqqqqqqqqqqqq">
<username jkljkljlk="fsafdsafdsafdsafdsa">HI</username>
<password>HI</password>
</query>
</iq>

The xmlns and its value disappear.

I couldn't find out how this happen from the code.

Please help!
iain (56) [Avatar] Offline
#2
Re: xmlns problem
Hi,

The server code from the book assumes "simplified" Jabber which primarily ignores namespaces except where namespaces select behavior in the server. You can turn namespace support on in Xerces and namespaces will be enforced by the parser. However, I don't think it will create the behavior I think you're trying to produce.

In general, although newer XMPP and Jabber servers do handle namespaces in a strict manner, the older Jabber servers common when the book was published will not. So any namespace tricks like the ones in your example won't work universally.

In the old Jabber servers, the common way to piggyback custom data in a separate namespace is to use an "x" element with a custom namespace:

<x xmlns="http://myserver.com/specialdataprotocol.xml">
<blah>data</blah>
</x>

This will work pretty universally in both old and new XMPP and Jabber servers.

-iain
powerfu (6) [Avatar] Offline
#3
Re: xmlns problem
My main concern is:

When I passed a signed message, looks like the following, to the server.

<message Id="484badb6f6e461fcf87c408839deb1c2dd444d21" from="hi@shigeoka.com" to="hi1@shigeoka.com" type="chat">
<subject>I don't know the subject of this message.</subject>
<body>
This is the message.
</body>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#484badb6f6e461fcf87c408839deb1c2dd444d21">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
<ds: DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds: DigestValue>TEqYQm1FfAV0ACAQgZpYSB9o4kU=</ds: DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
VKMxw+Y0KMEchoDVzpD/A99ETvfy6qTk1HEygKYvOR9dsu4WFS0F1omqIch7bGWti3KyxENcAwaX
4qKgp31yyA==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIBLDCB16ADAgECAgEAMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMTCUxvd1NlcnZlcjAeFw0w
NDEyMDIyMDExMTBaFw0wNTEyMDIyMDExMTBaMBQxEjAQBgNVBAMTCUxvd1NlcnZlcjBaMA0GCSqG
SIb3DQEBAQUAA0kAMEYCQQCf47dGoOOkAkCYJFKEXlT+4oFpGRysAyOjvNlF+KCoj/G37tSIOgHC
x7HenSt3XIlPkWYT0tNOgdFSOVJcyg6dAgERoxYwFDASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqG
SIb3DQEBBQUAA0EAQCerXu4OdV/bHw6YTO1A2brC3ccMxkRnDuGRW7fnw8txEriuaKU608AqmkA4
kVrJWf5wJH8oLK1eT7MuBFEGGQ==
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo></ds:Signature></message>

The server will read <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> as
<ds:Signature>
The xmlns part is dropped, and therefore, the server can't verify the signature correctly.

Is there any way to get around with this, so that the server gets exactly what I passed?

Thanks very much.
iain (56) [Avatar] Offline
#4
Re: xmlns problem
You can turn on namespace enforcement in the XML parser. Unfortunately I don't think the XML generation is namespace aware and you'll need to tweak that to pass namespaces back out properly.

In general what you're doing is beyond the example source code's design so you'll need to do a lot of tweaking to get it to be robust for your scenario. You should investigate using a "real" XMPP server as a base for your project (especially if you don't need to be building the server from scratch... I don't know if that's a requirement or not).

A good place to start is the Jive XMPP/Jabber open source projects:

http://www.jivesoftware.org

Messenger is a GPL XMPP server that should do pretty much anything you want, and since it is GPL you're free to download and modify the source code if it doesn't meet your needs. (Disclaimer, I wrote most of the original Messenger codebase but it is being actively worked on by Gaston for Jive.)

They also have the Smack open source library which makes working with XMPP/Jabber at the packet level MUCH easier than hand coding it. smilie

-iain
powerfu (6) [Avatar] Offline
#5
Re: xmlns problem
Can you please tell me how to turn on namespace enforcement in the XML parser? Where are the tweakings that need to be done? All I have now is the xerces.jar. Does that means I have to use another parser?

I spent a lot of time on your jabber code and I have already done a lot of tweakings to it. I would feel like I wasted all my time if I move to Jive now. Therefore, I am trying to avoid that at all costs.

Thanks so much for your help.
iain (56) [Avatar] Offline
#6
Re: xmlns problem
Hi,

Understood. You'll have to look at the Xerces documentation but I believe it's something simple like a properties setting when you start the process:

java -Dproperty=value Classname

Like that. I don't know what the property name is though. You can also set it in code by setting the System properties before starting the parser. And probably there is a method on the xerces parser itself that sets whether it is namespace aware or not. Unfortunately I'm not a Xerces guru by any stretch of the imagination so I have no clue what the settings are.

Once you do that, you may have to go back into the code and look for places where it is looking for elements like <message> and make sure it's also setting the namespace appropriately or the handlers won't fire when expected (so probably turn it on and test and if you see handlers not responding anymore, then look for where it's looking for the sax events and make sure it's using the correct namespace).

Unfortunately the version of Xerces used by the book source is pretty old so finding the documentation may be difficult. As a half-way step, you might want to attempt to change the parser out for another one. I used the XML pull parsers for the Jive implementations because it's well suited to XMPP (much better than sax). There's a Java standard for them now called StAX so if you google that you should find plenty of docs and implementations. StAX is also nice because it not only parses XML but also writes out XML so you can use it for both input and output of data.

Beyond that, I would advise you to look at the Jive software. I understand the curve necessary to switch over if you've already put a lot of time into the book source but the book code was written for educational rather than production goals (as you probably know by now if you've been using it). However, if you're goin to be working on this software for a significant amount of time or for something beyond simple messaging, the Jive implementations are much more robust, fully featured, and Gaston just added s2s (server to server) support which opens up the XMPP/Jabber system from just one server, to the entire XMPP/Jabber network.

-iain
powerfu (6) [Avatar] Offline
#7
Re: xmlns problem
Thank you so much for your informative advise.

I truly appreciate it!
iain (56) [Avatar] Offline
#8
Re: xmlns problem
My pleasure. let me know if you need more advice. If you do decide to try to switch out Xerces for a pull parser, you should download the source to Smack from jivesoftware.org to see how they're doing it. It's good example code and pretty clean (both code and the API). That should get you off to the right start.

-iain